Code Access Secutiy example.

Damir Dobric Posts

Next talks:

 

    

Follow me on Twitter: #ddobric



 

 

Archives

This post describe shortly how to set the full trust all assemblies in the specified share.

 

>caspol -m -ag LocalIntranet_Zone -url \\machinename1\temp\* FullTrust -n "IntranetApplications" -d "FullTrust for all applications in the specified share" -exclusive on

 

The example above extends the machine policy level (-m) with the new code group (-ag) named ‘IntranetApplications’. The new code group is inserted under node “LocalIntranet_Zone”, which already defines the policy for all applications in intranet.

 

The new code group’s policy will be usually combined with the existing group policy in the intranet zone. Because of this the code group “IntranetApplications” is created with the exclusive flag (-exclusive on). It means,  all assemblies matching the target url (\\machinename\temp\*) will used policy defined by this group only.

If this flag wouldn’t be used, the resulting policy for all assemblies in the specified share would be less then FullTrust, because the policy of the new group would be intersected with the policy of its parent group (in this case LocalIntranet_Zone).

More about caspol tool.

More advanced about policies and security groups can be found here (GER only). 


Posted Nov 01 2006, 02:06 PM by Damir Dobric

Comments

Damir Dobric wrote re: Code Access Secutiy example.
on 02-01-2007 12:03

If it is required to perform quiet installation of security policy then the parameter -q should be added at the beginning of the command as shown in the following example:

caspol -q -m -ag LocalIntranet_Zone -url \\MyHost\temp1\* FullTrust -n "IntranetApplications" -d "FullTrust for all applications in the Temp dir" -exclusive on

Quiet execution of the caspol is mostly useful by adding of the command to the setup application.

Damir Dobric Posts wrote Caspol and StrongName
on 07-05-2007 19:01

The example bellow shows how to set the FullTrust permission on two assemblies, which are signed with

AV wrote re: Code Access Secutiy example.
on 12-23-2010 3:30

is there any way to set the full trust for certain strong named assemblies in the specified share.

Damir Dobric wrote re: Code Access Secutiy example.
on 12-26-2010 14:21

.NET 4.0 introduces a new security model. caspol will be deprected in the future. It works, but it is too complicated.

Take a look on this article: msdn.microsoft.com/.../ee677170.aspx

developers.de is a .Net Community Blog powered by daenet GmbH.